A new Web security study finds that the vast majority of organizations that allow employees to freely access the Web are experiencing high rates of malware threats, including phishing attacks, spyware, keyloggers and hacked passwords. Conducted by Webroot, a leader in delivering Internet security as a service, the study reveals that Web-borne attacks are impacting businesses, with the majority of them reporting significant effects in the form of increased help desk time, reduced employee productivity and disruption of business activities. To mitigate these significant business risks a properly layered defense with effective endpoint and Web security and monitoring needs to be in place.

Top-level corporate study findings:

• 8 in 10 companies experienced one or more kinds of Web-borne attacks in 2012
• 88% of Web security administrators say Web browsing is a serious malware risk
• Phishing is the most prevalent Web-borne attack, affecting 55% of companies

The study, which surveyed Web security decision-makers in the United States and United Kingdom, found an overwhelming 79% percent of companies experienced Web-borne attacks in 2012. These incidents continue to represent a significant threat to corporate brands. Results show that almost all of the Web security administrators agreed that Web browsing is a serious malware risk to their companies. Despite the obvious awareness of the risks, only 56% of participants said they had implemented Web security protection and more than half of companies without Web security had Web sites compromised.  

"Protecting against Web-borne malware should be a high priority for all organizations since once inside a network, the propagation of malware can take down the entire company, effectively disabling an organization," said Sara Radicati , President and CEO at Radicati Group. "Finding a balance between providing employees Web access and ensuring corporate information security requires a solid Web security solution and is an essential requirement for companies to avoid this costly liability."

The major trends that are driving businesses and information technology today—mobility, social networking, BYOD and cloud computing—are also making organizations more susceptible to security attacks. More than ever, cybercriminals are taking advantage of these Web-based vulnerabilities, making the threat landscape more challenging. According to the results, phishing represents one of the fastest-growing causes of breaches and data loss as cybercriminals become progressively adept at luring users into divulging sensitive corporate data.

"It's no surprise that the latest study shows that attacks are increasing in frequency, complexity and scale. Organizations need to implement layered defenses from the endpoint to the network to understand not only what is happening but where the attacks are manifesting from and when," said David Duncan , Chief Marketing Officer at Webroot. "Given that instantaneous attacks are morphing constantly and are eluding traditional detection mechanisms, organizations require a cloud-based solution that is effective in this new environment, as well as easy to deploy, quick to respond and flexible to address today's sophisticated cyber-threats."

What can organizations do?

The new "Web Threats Expose Business to Data Loss" report provides a comprehensive analysis of the current Web-based vulnerabilities, and includes steps to reduce the risks associated with this rapidly changing threat landscape. The full report is available at http://www.webroot.com/web-security-report-2013.